Each CAPTCHA verification generates parameters that will be returned to GeeTest via your interface to validate the request.

Secondary validation API

Interface information Description
URL http://gcaptcha4.geetest.com/validate
Request method GET/POST
Type of content application/x-www-form-urlencoded
Response format json

Request parameters

Parameter Name Type Description
lot_number string Verify serial number
captcha_output string Verify output information
pass_token string Verify passing identity
gen_time string Verify passing timestamp
captcha_id string Verify id
sign_token string Verify signature

Response parameters

Parameter Name Type Description
result string Secondary validation result
reason string Validation result description
captcha_args dict Verify output parameters

Sample code

Here is an example in Python:

def post(self):
# 1. Initialize GeeTest parameter information
captcha_id = '647f5ed2ed8acb4be36784e01556bb71'
captcha_key = 'b09a7aafbfd83f73b35a9b530d0337bf'
api_server = 'http://gcaptcha4.geetest.com'

# 2. Get the verification parameters passed from the front end after user verification
lot_number = self.get_argument('lot_number', '')
captcha_output = self.get_argument('captcha_output', '')
pass_token = self.get_argument('pass_token', '')
gen_time = self.get_argument('gen_time', '')

# 3. Generate signature
# Using standard hmac algorithms to generate signatures, using the user's current verification serial number lot_number as the original message, and the client's verification private key as the key
# Using sha256 hash algorithm to hash message and key in one direction to generate the final signature
lotnumber_bytes = lot_number.encode()
prikey_bytes = captcha_key.encode()
sign_token = hmac.new(prikey_bytes, lotnumber_bytes, digestmod='SHA256').hexdigest()

# 4. Upload verification parameters to the second verification interface of GeeTest to verify the user verification status
query = {
"lot_number": lot_number,
"captcha_output": captcha_output,
"pass_token": pass_token,
"gen_time": gen_time,
"sign_token": sign_token,

# captcha_idParameter is recommended to be placed after url, so that when an exception is requested, it can be quickly located in the log according to the id
url = api_server + '/validate' + '?captcha_id={}'.format(captcha_id)

# Pay attention to handling interface exceptions, and make corresponding exception handling when requesting GeeTest secondary verification interface exceptions or response status is not 200
# Guarantee that the business process will not be blocked by interface request timeout or service non-response
res = requests.post(url, query)
assert res.status_code == 200
gt_msg = json.loads(res.text)
except Exception as e:
gt_msg = {'result': 'success', 'reason': 'request geetest api fail'}

# 5. According to the user authentication status returned by GeeTest, the website owner conducts his own business logic
if gt_msg['result'] == 'success':
self.write({'login': 'success', 'reason': gt_msg['reason']})
self.write({'login': 'fail', 'reason': gt_msg['reason']})
Was this helpful?